in providers/rustsec/rustsec.go [202:305]
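// newConfigurations builds the NVD configurations block for the advisory.
//
// The result carries CVEDataVersion "4.0" and a single AND node with two
// children: a match on the package CPE with VersionStartIncluding "0", and a
// negated child holding one match per entry of item.UnaffectedVersions and
// item.PatchedVersions.
//
// Every entry must start with one of the operators "=", "^", "> ", ">=", "< "
// or "<=" followed by a non-empty version. Anything else is returned as a
// "malformed version schema" error, as is a package name or exact version that
// cannot be WFN-ized.
//
// NOTE(review): a comma-separated compound requirement is not split; everything
// after the first operator is stored as one bound. Confirm the feed never
// contains such entries, or split them before calling this.
func (item *advisoryItem) newConfigurations() (*nvd.NVDCVEFeedJSON10DefConfigurations, error) {
	pkg, err := wfn.WFNize(item.Package)
	if err != nil {
		return nil, errors.Wrapf(err, "cannot wfn-ize: %q", item.Package)
	}

	// Version-less CPE of the package, reused by the catch-all match and by
	// every range match.
	pkgCPE := wfn.Attributes{Part: "a", Product: pkg}
	pkgURI22 := pkgCPE.BindToURI()
	pkgURI23 := pkgCPE.BindToFmtString()

	// newMatch returns a fresh match so no two entries share a CPEName slice.
	newMatch := func(uri22, uri23 string, vulnerable bool) *nvd.NVDCVEFeedJSON10DefCPEMatch {
		return &nvd.NVDCVEFeedJSON10DefCPEMatch{
			CPEName: []*nvd.NVDCVEFeedJSON10DefCPEName{
				{
					Cpe22Uri: uri22,
					Cpe23Uri: uri23,
				},
			},
			Cpe23Uri:   uri23,
			Vulnerable: vulnerable,
		}
	}
	malformed := func(version string) error {
		return errors.Errorf("malformed version schema in %#v: %q", item, version)
	}

	// The full slice expression caps the capacity, so append always copies
	// instead of writing patched versions into spare capacity of the backing
	// array behind item.UnaffectedVersions.
	n := len(item.UnaffectedVersions)
	unaffected := append(item.UnaffectedVersions[:n:n], item.PatchedVersions...)

	matches := make([]*nvd.NVDCVEFeedJSON10DefCPEMatch, 0, len(unaffected))
	for _, version := range unaffected {
		if len(version) < 2 {
			return nil, malformed(version)
		}
		switch op := version[:1]; op {
		case "=", "^":
			curver := strings.TrimSpace(version[1:])
			// An operator with no version would bind a CPE without a version
			// constraint; inside the negated child that would presumably
			// exclude every release of the package, so reject it.
			if curver == "" {
				return nil, malformed(version)
			}
			wfnver, err := wfn.WFNize(curver)
			if err != nil {
				return nil, errors.Wrapf(err, "cannot wfn-ize version: %q", curver)
			}
			// NOTE(review): "^" is bound as one exact version. Cargo's caret
			// requirement denotes a range, so other releases in that range are
			// presumably not excluded and would still be reported — confirm
			// against the matcher.
			verCPE := wfn.Attributes{Part: "a", Product: pkg, Version: wfnver}
			// NOTE(review): "=" entries are marked Vulnerable although they come
			// from the unaffected/patched lists, unlike every other entry built
			// here — confirm this is intended.
			matches = append(matches, newMatch(verCPE.BindToURI(), verCPE.BindToFmtString(), op == "="))
		case ">", "<":
			curver := strings.TrimSpace(version[2:])
			// Same reasoning as above: a bound-less range match must not reach
			// the negated child.
			if curver == "" {
				return nil, malformed(version)
			}
			// Range entries describe patched + unaffected versions, hence
			// Vulnerable is false. The bound is stored as written, not WFN-ized.
			match := newMatch(pkgURI22, pkgURI23, false)
			switch version[:2] {
			case "> ":
				match.VersionStartExcluding = curver
			case ">=":
				match.VersionStartIncluding = curver
			case "< ":
				match.VersionEndExcluding = curver
			case "<=":
				match.VersionEndIncluding = curver
			default:
				return nil, malformed(version)
			}
			matches = append(matches, match)
		default:
			return nil, malformed(version)
		}
	}

	// Catch-all entry: the package from version "0" upwards.
	anyVersion := newMatch(pkgURI22, pkgURI23, false)
	anyVersion.VersionStartIncluding = "0"

	conf := &nvd.NVDCVEFeedJSON10DefConfigurations{
		CVEDataVersion: "4.0",
		Nodes: []*nvd.NVDCVEFeedJSON10DefNode{
			{
				Operator: "AND",
				Children: []*nvd.NVDCVEFeedJSON10DefNode{
					{
						CPEMatch: []*nvd.NVDCVEFeedJSON10DefCPEMatch{anyVersion},
					},
					{
						// Negated: the unaffected and patched entries are
						// subtracted from the catch-all above.
						Negate:   true,
						CPEMatch: matches,
					},
				},
			},
		},
	}
	return conf, nil
}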